The Cisco Infrastructure group is for the discussion of technical issues that arise during the implementation, administration, or daily use of Cisco networking products such as WAN, LAN, Switching, Routing, and Network Management.

Getting unassigned ip address for users

I have 6509 districbution switch to which around 20 access switches(which are all stack) are connecting through gigabit interfaces .
The problem i am facing is my distribuiton cpu utilization is getting high upto 100 % and all access switches cpu utilization also getting 100 %
the some of the users are getting an ip address in the range of 192.168.x.x, these range i have not assigned in my dhcp pools of distribution switch
what is the possible cause of these problem

Popular White Paper On This Topic

Good Day,
I would like to know , about your network ,
Do you have Vlans properly created, ( Do not use Vlan 1 )
If not , Then please create vlans as per the requirement,
You can create vlan based on two thing,
1. Floor based,
2. Department based,
3. Block based

The first step I would take is to find the rouge DHCP server by looking at the gateway assigned to one of the devices with a 192.168. IP.
Once you have the IP address of the rogue server you can isolate it by using the ARP table on the core router and the MAC tables on the access switches.
After the rogue server is disabled see if the CPU is still high.
Good Luck,
Colin

Dear Experts,
Thanks for all your replies and all your replies are helpful for me
Yes, isolated the rogue server and solved that problem but still the cpu
utilization at distribution switch is going upto maximum 80% and at all
access switches the maximum utilization is going upto 100%, guidance of
experts is required to me thanks

Among the possible causes for this are:
A bad NIC causing a broadcast storm
Virus infection on one or more hosts
Failing switch or mis-configuration
You can use a sniffer to capture and analyze traffic.
Depending upon the network topology, severity of the symptoms, and user sensitivity to outages, you can use a more basic technique.
You indicated that the access switches are stacked. Are they all in one stack or do you have several stack in different areas?
If you have various stacks of switches feeding back to the 6509, disconnect the stacks from the 6509 one at a time long enough to see if the utilization drops on the 6509 and remaining stacks.
After a couple of minutes with a stack disconnected you'll either see the utilization drop on the 6509 or you won't. If it drops you've identified the stack that is the source of the problem. If not, reconnect that stack and disconnect another, and so on.
After you know which stack is the culprit you can do the same thing by switch port to isolate the guilty host.
If there are multiple hosts that are contributing to the problem this technique is much less effective.
The long term solution is to install a graphing tool such as Cacti or MRTG to monitor each switch port utilization. You can then simply browse though the graphs to locate the switch port that is showing the abnormal traffic.
Good Luck,
Colin

Copyright 1998-2015 Ziff Davis, LLC (Toolbox.com). All rights reserved. All product names are trademarks of their respective companies. Toolbox.com is not
affiliated with or endorsed by any company listed at this site.